QUALYS 


AUTOMATING PCI COMPLIANCE VALIDATION FOR 
ACQUIRING INSTITUTIONS 


The Payment Card Industry Data Security Standard, known as PCI DSS, is a global security standard
developed by the major credit card brands as a guideline to help organizations that process credit card
payments protect sensitive customer data. A company processing card payments must be PCI compliant or
it risks losing the ability to process credit card payments. Merchants and Service Providers must validate
compliance through quarterly security scans and either a yearly self-assessment or a certified audit.


PCI adoption driven by Incentives & Fines 

Adoption of the PCI Standard has been driven mainly through the use of incentives and fines. Incentives
have been offered to Merchants and Acquiring Institutions in the form of one-time payments and reduced
interchange rates. Fines have been assessed against large Merchants that have failed to comply, and are now
being directed at Acquiring Institutions that fail to ensure that their Merchants are meeting PCI requirements.
Most recently, Visa announced that it will assess fines of up to $25,000 for Acquiring Financial
Institutions with Merchants that are not compliant with the PCI Standard by September 30th, 2007.


Automated compliance for you and your Merchants via QualysGuard PCI 

QualysGuard PCI is the only fully automated, on-demand PCI compliance solution that helps both
Acquiring Institutions and Merchants automate PCI compliance. For you and your Merchants,
QualysGuard PCI enables:


- Validation which allows Merchants to submit their Proof-of-Compliance directly to their 
Acquiring Institution. 


- Tracking of Compliance by viewing the current compliance status of all Merchants from a Single 
Screen, including Submit Dates and Passed Status for Scans and Questionnaires. 


- Continuing Education by partnering with Qualys in a joint marketing effort to educate your
Merchant Community about the PCI Standard through the use of online presentations, documentation
and phone support.


- Automated Enrollment by providing Merchants with a self-service, co-branded web page which 
allows them to create their own QualysGuard PCI account and immediately start running PCI scans. 


Offer your Merchants a PCI Compliance Solution 

Acquiring Institutions can provide QualysGuard PCI to Merchants free of charge for their first round of
Quarterly PCI scans, while recovering time and resources lost on PCI validation by participating in Qualys’
Revenue Sharing Program. Acquiring Institutions can then offer the option to purchase a one-year subscription
to the service as part of their Merchant Data Security Program or as a renewal option on existing yearly
contracts. This offering perfectly complements existing requirements by Visa that Acquirers include a
PCI / CISP Compliance Provision in all contracts with Merchants.

QualysGuard PCI Compliance Validation Lifecycle


1) Automated Enrollment

Merchants create their own accounts
via a co-branded web page

[Screenshot: co-branded "QualysGuard PCI 14-Day Trial" enrollment page. Legible text: "Delivered as an on demand Web application, QualysGuard PCI requires no software to deploy and manage. Setup is completed within minutes through a secure Web browser."]


2) Scan and Remediate

Merchants log into QualysGuard PCI
and follow 3 steps to PCI Compliance

[Screenshot: Payment Card Industry Self-Assessment Questionnaire, section "Build and Maintain a Secure Network", requirement "Install and maintain a firewall configuration to protect data"]

Step 1: Complete Self-Assessment
Questionnaire

Step 2: View scan results and remediate
all high-level vulnerabilities

Key Benefits 


- Avoid costly fines by providing your Merchant
community with a simple 3 step process to PCI
compliance

- Drive adoption of the PCI standard by partnering
with Qualys: the leader in on-demand security

- Simplify tracking of compliance through a
single unified interface

- Regain resources lost on validation efforts
through a revenue sharing program

- Automate merchant enrollment


Drive Adoption of the PCI Standard

- Offer free trial accounts of QualysGuard PCI

- Educate merchants about the PCI Standard
through online presentations and documentation

- Provide Merchants live help via Qualys’
award-winning 24x7 technical support


USA - Qualys, Inc.
1600 Bridge Parkway
Redwood Shores
CA 94065
T: 1 (650) 801 6100
sales@qualys.com
www.qualys.com


UK - Qualys, Ltd. 
224 Berwick Avenue 
Slough, Berkshire 


T: +44 (0) 1753 872101 


Step 3: View Verification Report and 
Auto-Submit to Acquiring Institution 


Simplify Tracking of Compliance 


- Merchants automatically submit their
questionnaire and scan results

- Eliminate time-consuming encryption tasks
associated with email submissions

- View all Merchants’ compliance status from a
single web page

- Sort by current compliance status (pass or
fail), submit date, next due date or next action
required

- Generate reports automatically from any web
browser


Regain Lost Revenue 


- Recover time and resources lost on compliance
validation by participating in Qualys’
Revenue Sharing Program

- Program can be used to fund additional efforts
to drive adoption within the Merchant community


Germany - Qualys GmbH 
Munchen Airport 
Terminalstrasse Mitte 18 
85356 München 

T: +49 (0) 89 97007 146 


Acquiring Institution can Track 
Compliance Status and View Reports 


Automate Enrollment 


- Self-Service account creation via a co-branded
web page

- Merchants can start running PCI scans
immediately

- Purchasing options can be integrated into existing
merchant programs


Industry Leading PCI Certified Solution 


- QualysGuard PCI has been approved by the
PCI Council to provide PCI scanning services

- Over half of all PCI certified organizations have
standardized on Qualys for their PCI scanning
services

- Six Sigma quality program drives the most
accurate security scans in the industry


France - Qualys Technologies 
Maison de la Défense 

7 Place de la Défense 

92400 Courbevoie 

T: +33 (0) 1 41 97 35 70 